Reassemble fragments with RFRAG Dispatch type and header.
Change-Id: Ifa30289069fda13fadc090fa5b78c0fcbfbae39e
Reviewed-on: https://code.wireshark.org/review/32594
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reported by Helge Magnus Keck
Change-Id: Ie36f89531d5afe617b8dd149e0ef7314209a3e52
Reviewed-on: https://code.wireshark.org/review/32780
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
That way we aren't allocating memory, reading packets from a batch, and
freeing the memory for each batch of packets delivered by dumpcap; we do
the allocation when the capture starts and the freeing when it finishes.
Change-Id: If012ab865f3a99d869535ad10827ad8680c1b10c
Reviewed-on: https://code.wireshark.org/review/32766
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
And if you call init_progfile_dir(), you must call
init_process_policies() before that.
And even if you *don't* use data_file_url(), you might use it in the
future, or you might use other calls to get data file paths, so make
*all* the extcap programs make those calls.
(Yes, this is important on macOS, for example; it may also be important
on Windows. On other UN*Xes we may just compile in the data file path,
but that's not true on *all* our platforms.)
Change-Id: I99265ed69ec24096884ec067feddd7d7f3855436
Reviewed-on: https://code.wireshark.org/review/32775
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That way we don't do initialization, possible expansion of the buffer
from its initial size, and cleanup for every packet.
Change-Id: If967bd8f0cc65631b8b128b2c048d32ba54c8033
Reviewed-on: https://code.wireshark.org/review/32774
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
proto.h:853:5: warning: declaration is marked with '\deprecated' command but does not have a deprecation attribute [-Wdocumentation-deprecated-sync]
proto.h:866:5: warning: declaration is marked with '\deprecated' command but does not have a deprecation attribute [-Wdocumentation-deprecated-sync]
Change-Id: I6da6048b2c4e2860f655ae595f4f800587c63217
Reviewed-on: https://code.wireshark.org/review/32770
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
As per IEEE 1722-2016 Annex J, AVTP packets can also be sent via IP
using UDP port 17220. This patch adds current AVTP dissector to that
port, so that dissecting AVTP over UDP works out of the box.
Change-Id: I7c052b28d672b50d14b3a04c64c4cbe8ca4080e1
Reviewed-on: https://code.wireshark.org/review/32747
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move it to the capture_session structure from the info_data_t structure,
and pass it as an argument to capture_info_new_packets().
Change-Id: I822392bbf48eeb27ba9e17b73775d2fc4349bc17
Reviewed-on: https://code.wireshark.org/review/32765
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Move it next to other capture_file fields for the currently-selected
packet, add a comment indicating that's what all those fields are for,
separate them from the following fields that *aren't* for the
currently-selected field, and explicitly use them in cf_select_packet().
Also add a comment about why we're waiting until the end to free up the
old cf->edt in cf_select_packet() and cf_unselect_packet().
Change-Id: I1653af06eeb4ebe1131bc08bcaa2dc639932c7fa
Ping-Bug: 15683
Reviewed-on: https://code.wireshark.org/review/32764
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Ethernet packets without the CRC are 1514 bytes long, not 1500 bytes
long; using 1514 bytes will avoid a reallocation for a full-sized
Ethernet packet.
Change-Id: Ie8da3f13bf3df07e23e4478b7dcf84f06dec6a9d
Reviewed-on: https://code.wireshark.org/review/32761
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This reverts commit 9445403f95.
cf_select_packet frees the buffer backing the dissection result
(cf->edt) which results in use-after-frees when callers try to access
the contents. See for example this call trace:
* PacketList::selectionChanged
* cf_select_packet(cap_file_, row)
* frameSelected(row) -> ByteViewTab::selectedFrameChanged
* addTab(source_name, get_data_source_tvb(source))
get_data_source_tvb returns the buffer that backs the dissection and
must remain valid even after dissection has completed. If this is not
done, then a possibly expensive redissection must be done in order to
populate the byte view. The temporary memory savings are not worth it.
Bug: 15683
Change-Id: Ia5ec2c7736cdebbac3c5bf46a4e2470c9236262d
Reviewed-on: https://code.wireshark.org/review/32758
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Before this change Wireshark would assume there is no USB devices that
use "device" recepient (RQT_SETUP_RECIPIENT_DEVICE) in Setup stage of
USB CONTROL messages. But there are plenty of such, examples are:
FrescoLogic's FL2000 USB Display controller, Razer USB peripherals;
there are open projects that investigate protocols for them in order to
implement OSS drivers and SW stacks.
Allow dissection of USB "device" Setup CONTROL messages by treating them
in the same way as "other" or "reserved" with assumption that at least
IntefaceClass is set to UNKNWON (0xffff) which is true for at least
beforementioned FL2000 and Razer HW implementations.
Change-Id: I44f4f8cdccd973194aeda2c39c59529d531c31b2
Reviewed-on: https://code.wireshark.org/review/32626
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reported by Helge Magnus Keck
Change-Id: If0aae0879d52a2516642d162395795c05c28b9b9
Reviewed-on: https://code.wireshark.org/review/32736
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reported by Helge Magnus Keck
Change-Id: Ia96521920b3108f2d5867c9392fd93210ac99d37
Reviewed-on: https://code.wireshark.org/review/32735
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Most code that reads from a capture_file already has its own wtap_rec
and Buffer; change the remaining ones to do so as well.
Change-Id: I9b7c136642bbb375848c37ebe23c9cdeffe830c3
Reviewed-on: https://code.wireshark.org/review/32732
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
That makes it - and the routines that implement it - work more like the
seek-read routine.
Change-Id: I0cace2d0e4c9ebfc21ac98fd1af1ec70f60a240d
Reviewed-on: https://code.wireshark.org/review/32727
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
When adding generated IID and OID bytes to the tree, use a zero offset
and length like we do elsewhere in the dissector.
Bug: 15617
Change-Id: Id900f2aeeef7926706b417622d452ffa72949e8a
Reviewed-on: https://code.wireshark.org/review/32698
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
That's just noise, especially if the signal is SIGINT.
Change-Id: I97df2396d60280e5978f637ec3bb8f93966674b8
Reviewed-on: https://code.wireshark.org/review/32718
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Catch signals/ctrl events when we're reading a capture, and stop reading
if we get one of those. When we close a print stream, restore the color
as appropriate.
Change-Id: I3dd936964560fb3902befe0fd2e961f80437ca72
Ping-Bug: 15659
Reviewed-on: https://code.wireshark.org/review/32716
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add defines for AKMS and use instead of magic values in code.
Change-Id: Ib40b88836d58b0e16dae9a2eacfdee67344bc6d8
Reviewed-on: https://code.wireshark.org/review/32712
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Put the pass 1 of a two-pass read, pass 2 of a two-pass read, and only
pass of a one-pass read into separate routines, returning success/read
error/write error status codes.
This makes the processing a bit cleaner, and makes it easier to have the
file-reading code catch signals/control events.
Change-Id: I58cd9e4b86f219f3afa2dc61b57f41978fc2f853
Reviewed-on: https://code.wireshark.org/review/32711
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
FT over IEEE 802.1X (SHA384) is also an FT AKMS so treat it
as such when dissecting the RSN IE. While at it replace the big
if statement with a function.
Bug: 15616
Change-Id: I9abe45a5c70bc062a9d6d8fb97226a3d0cde42b3
Reviewed-on: https://code.wireshark.org/review/32692
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The answer to the question "do we need to add hardened runtime
entitlements or exceptions?" in osx-app.sh is "yes". Update a comment
accordingly.
Change-Id: Icc6f9ed31838aa6342f405a244e726586e9c0c4d
Reviewed-on: https://code.wireshark.org/review/32703
Reviewed-by: Gerald Combs <gerald@wireshark.org>
This adds the entitlement to everything we sign. I cannot test a more
granular approach without access to an Apple issued codesigning cert/key
pair.
Bug: 15667
Change-Id: I9fe962a06b681d33853b0944765987e21d21be2d
Reviewed-on: https://code.wireshark.org/review/32700
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Reorganize the lists of accessors, with a top-level heading for the byte
order and subheadings for each size.
Also document ENC_HOST_ENDIAN.
Change-Id: I10131e399f6c90624a387c89340f77ea769ab33f
Reviewed-on: https://code.wireshark.org/review/32701
Reviewed-by: Guy Harris <guy@alum.mit.edu>
James Ko